According to Gabriele Bartolini: > Basically this is my idea. I tried it and it works pretty fast and it > is very flexible. I make htsearch write PHP code itself, by generating code > to be evaluated inside the wrapper script. It's needless to say to we have > to be extremely careful about checking the code. > > I am testing it. If you are interested I can share it with you guys and > discuss about it. Waiting for your opinion, especially as far as the > security is concerned.
I wouldn't be able to comment on the security of the PHP code itself, but I could certainly look at the htsearch changes to see if you've opened up any security holes right in htsearch. What did you have to change directly in htsearch, or did you manage everything by using template files to spit out the PHP code? I think the more you do with templates, rather than direct code changes, the better. It keeps the htsearch code clean that way, as well as keeping it general, and the template facility is flexible enough that you should be able to do most of what you need as far as custom output that way. If there are some things that you can't do in template files, that you'd need to do, we can address these limitations on a case by case basis. -- Gilles R. Detillieux E-mail: <[EMAIL PROTECTED]> Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/~grdetil Dept. Physiology, U. of Manitoba Phone: (204)789-3766 Winnipeg, MB R3E 3J7 (Canada) Fax: (204)789-3930 _______________________________________________ htdig-dev mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/htdig-dev
